Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/BQWt02z4IYFrX0yiDUhNUfw88uI.roa
File:                     BQWt02z4IYFrX0yiDUhNUfw88uI.roa (raw, json)
Hash identifier:          /u0C3R4Mkst8mbCOYm/VyF00VfQlAlFj0G5sRfrQNWM=
Subject key identifier:   05:05:AD:D3:6C:F8:21:81:6B:5F:4C:A2:0D:48:4D:51:FC:3C:F2:E2
Certificate issuer:       /CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
Certificate serial:       018CC86FB059BAA65556875CB2F6D929622A
Authority key identifier: 2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/BQWt02z4IYFrX0yiDUhNUfw88uI.roa
Signing time:             Tue 02 Jan 2024 04:30:11 +0000
ROA not before:           Tue 02 Jan 2024 04:30:11 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     62159
IP address blocks:        185.32.181.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sat 08 Jun 2024 14:00:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c8:6f:b0:59:ba:a6:55:56:87:5c:b2:f6:d9:29:62:2a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=2f93d3ba197f5ce3098bfa7700b43854eaa80e9e
        Validity
            Not Before: Jan  2 04:30:11 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0505add36cf821816b5f4ca20d484d51fc3cf2e2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:52:ad:fd:06:9f:24:1d:85:f2:cf:f5:87:18:
                    c7:68:b0:46:7c:db:d7:3d:87:a3:41:9b:cb:c9:ab:
                    9a:97:b5:dc:39:91:ee:da:ba:d5:df:03:46:4b:36:
                    4e:58:1a:75:03:0d:67:d5:d4:2c:35:1f:99:0d:19:
                    26:da:82:5c:d0:57:b7:d0:35:0e:ac:ce:57:94:f1:
                    ff:af:80:a7:a2:dc:cf:51:01:94:2c:71:a6:02:4b:
                    6a:c5:de:92:2e:78:3a:29:93:94:fa:38:d0:34:de:
                    f1:62:26:52:ed:fb:15:cb:89:3c:07:81:44:6c:c8:
                    c3:a2:6a:95:eb:90:63:c8:73:0a:8e:f8:6a:db:db:
                    aa:55:02:71:4f:74:de:b2:3f:d6:97:88:8a:fa:10:
                    ca:cc:3e:73:bf:cd:1f:e7:24:c4:84:66:ff:fd:0e:
                    7d:34:62:73:7c:03:91:af:ad:18:70:e7:b2:fa:a1:
                    d6:f6:9d:05:72:a2:b8:eb:c0:54:b9:90:c3:7a:e0:
                    f5:96:98:dd:64:21:62:7b:4f:10:0e:d8:6b:a2:41:
                    22:14:c4:97:d5:45:56:33:3e:0a:34:b6:0f:13:83:
                    1d:96:18:e4:09:18:aa:62:90:2d:d3:30:fc:bf:a3:
                    68:35:bd:c2:c1:a3:02:e8:17:1d:47:51:b1:6f:23:
                    df:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:05:AD:D3:6C:F8:21:81:6B:5F:4C:A2:0D:48:4D:51:FC:3C:F2:E2
            X509v3 Authority Key Identifier:
                keyid:2F:93:D3:BA:19:7F:5C:E3:09:8B:FA:77:00:B4:38:54:EA:A8:0E:9E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/BQWt02z4IYFrX0yiDUhNUfw88uI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/24/7a87a0-8014-4605-9fb5-9e71dc24a683/1/L5PTuhl_XOMJi_p3ALQ4VOqoDp4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.32.181.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:97:2e:ae:56:11:c3:a4:a1:f4:2d:a1:c8:fb:82:07:78:aa:
         d1:dc:be:3c:40:2b:13:9a:bc:a6:a3:17:87:b4:dd:58:f2:49:
         fa:ce:bc:c9:a1:4f:a3:1b:38:4b:0b:f0:69:1a:8f:e8:72:6c:
         e7:e1:bc:73:d4:f4:e0:e1:6a:ec:c4:92:7f:d7:0a:6a:5c:da:
         a4:cd:12:86:9a:c0:33:a2:9f:83:06:f6:7c:c1:cb:f0:62:05:
         f2:12:3e:e2:bf:5e:ba:51:dd:fd:51:1f:2a:7a:17:f7:e3:b6:
         ae:15:7a:ab:fd:0e:6d:ce:ba:ca:bd:64:92:62:4e:34:cd:e3:
         0d:e8:d8:7b:da:ad:ed:c3:ee:1c:b8:e8:db:fe:ca:40:97:63:
         0d:2f:4a:d8:08:fa:8c:6d:4a:bd:d3:0c:52:c2:b3:0a:37:c8:
         fd:f1:ee:ee:e8:d6:4d:ac:69:cc:3d:17:6b:14:62:66:cd:4c:
         32:e5:ea:59:78:ed:5f:df:bd:9f:71:61:83:c1:1a:f1:2f:c4:
         f7:3b:1c:00:8c:b8:6f:28:e0:cb:ed:ef:68:04:78:48:3c:2e:
         e2:b4:47:58:13:35:ed:c8:55:04:ab:1e:23:71:5a:1a:7b:a5:
         a7:74:65:4b:49:ea:d8:cc:97:0e:f1:cd:97:e0:3a:82:22:28:
         ff:72:1b:81
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzIb7BZuqZVVodcsvbZKWIqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDJmOTNkM2JhMTk3ZjVjZTMwOThiZmE3NzAwYjQzODU0ZWFh
ODBlOWUwHhcNMjQwMTAyMDQzMDExWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwNTA1YWRkMzZjZjgyMTgxNmI1ZjRjYTIwZDQ4NGQ1MWZjM2NmMmUyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqlKt/QafJB2F8s/1hxjHaLBGfNvX
PYejQZvLyaual7XcOZHu2rrV3wNGSzZOWBp1Aw1n1dQsNR+ZDRkm2oJc0Fe30DUO
rM5XlPH/r4CnotzPUQGULHGmAktqxd6SLng6KZOU+jjQNN7xYiZS7fsVy4k8B4FE
bMjDomqV65BjyHMKjvhq29uqVQJxT3Tesj/Wl4iK+hDKzD5zv80f5yTEhGb//Q59
NGJzfAORr60YcOey+qHW9p0FcqK468BUuZDDeuD1lpjdZCFie08QDthrokEiFMSX
1UVWMz4KNLYPE4MdlhjkCRiqYpAt0zD8v6NoNb3CwaMC6BcdR1GxbyPfbwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFAUFrdNs+CGBa19Mog1ITVH8PPLiMB8GA1UdIwQY
MBaAFC+T07oZf1zjCYv6dwC0OFTqqA6eMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUt
OWU3MWRjMjRhNjgzLzEvQlFXdDAyejRJWUZyWDB5aURVaE5VZnc4OHVJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8yNC83YTg3YTAtODAxNC00NjA1LTlmYjUtOWU3MWRjMjRhNjgz
LzEvTDVQVHVobF9YT01KaV9wM0FMUTRWT3FvRHA0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAuSC1MA0G
CSqGSIb3DQEBCwUAA4IBAQBEly6uVhHDpKH0LaHI+4IHeKrR3L48QCsTmrymoxeH
tN1Y8kn6zrzJoU+jGzhLC/BpGo/ocmzn4bxz1PTg4WrsxJJ/1wpqXNqkzRKGmsAz
op+DBvZ8wcvwYgXyEj7iv166Ud39UR8qehf347auFXqr/Q5tzrrKvWSSYk40zeMN
6Nh72q3tw+4cuOjb/spAl2MNL0rYCPqMbUq90wxSwrMKN8j98e7u6NZNrGnMPRdr
FGJmzUwy5epZeO1f372fcWGDwRrxL8T3OxwAjLhvKODL7e9oBHhIPC7itEdYEzXt
yFUEqx4jcVoae6WndGVLSerYzJcO8c2X4DqCIij/chuB
-----END CERTIFICATE-----